ADVANCE WARNING: Google moving to 2048-bit SSL and root keys

Ryan Gard ryangard at
Sat May 25 06:37:00 UTC 2013

>From what it looks like, I'd assume they'll be sticking with a CA that has
a 2048 bit certificate as well.

Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...

On Fri, May 24, 2013 at 9:34 PM, Jimmy Hess <mysidia at> wrote:

> On 5/24/13, Jay Ashworth <jra at> wrote:
> Hm..  this might be no big deal if not for public key pinning and CA
> pinning in modern browsers of certain sites,  they could just get
> themselves 2048 bit certificates from any CA...
> So what could otherwise be a routine certificate change, may have some
> unusual extra baggage attached to it -- requiring end users performing
> software code update in their only slightly outdated browsers,
> instead of just switching certificates,   so they stop getting big red
> SSL errors when trying to perform searches via Google...
> > Via PRIVACY Forum:
> >
> > ----- Forwarded Message -----
> >> From: "PRIVACY Forum mailing list" <privacy at>
> >
> >> Google moving to longer SSL keys
> >>
> >> (Google Online Security Blog)
> --
> -JH

Ryan Gard

More information about the NANOG mailing list